aboutsummaryrefslogtreecommitdiff
path: root/src/libcrypto.c
diff options
context:
space:
mode:
authorDirkjan Bussink <d.bussink@gmail.com>2020-12-22 19:23:13 +0100
committerJakub Jelen <jjelen@redhat.com>2021-01-11 10:45:22 +0100
commitda36ecd6f25027c8767cd1132229450d699bd49f (patch)
tree5cd90bb5a94962e8e87b88b6efdec2aaaf278759 /src/libcrypto.c
parent385ac0911dfc4db7955a0a8ee78b6b0cd189026d (diff)
downloadlibssh-da36ecd6f25027c8767cd1132229450d699bd49f.tar.gz
libssh-da36ecd6f25027c8767cd1132229450d699bd49f.tar.xz
libssh-da36ecd6f25027c8767cd1132229450d699bd49f.zip
Move HMAC implementation to EVP API
Now that the minimum OpenSSL version is 1.0.1, we know that the EVP HMAC API is always available. This switches to this API. The existing API is deprecated for OpenSSL 3.0. Signed-off-by: Dirkjan Bussink <d.bussink@gmail.com> Reviewed-by: Jakub Jelen <jjelen@redhat.com>
Diffstat (limited to 'src/libcrypto.c')
-rw-r--r--src/libcrypto.c37
1 files changed, 27 insertions, 10 deletions
diff --git a/src/libcrypto.c b/src/libcrypto.c
index c82b4b5e..a9fecbe4 100644
--- a/src/libcrypto.c
+++ b/src/libcrypto.c
@@ -423,42 +423,59 @@ int ssh_kdf(struct ssh_crypto_struct *crypto,
HMACCTX hmac_init(const void *key, int len, enum ssh_hmac_e type)
{
HMACCTX ctx = NULL;
+ EVP_PKEY *pkey = NULL;
+ int rc = -1;
- ctx = HMAC_CTX_new();
+ ctx = EVP_MD_CTX_new();
if (ctx == NULL) {
return NULL;
}
+ pkey = EVP_PKEY_new_mac_key(EVP_PKEY_HMAC, NULL, key, len);
+ if (pkey == NULL) {
+ goto error;
+ }
+
switch (type) {
case SSH_HMAC_SHA1:
- HMAC_Init_ex(ctx, key, len, EVP_sha1(), NULL);
+ rc = EVP_DigestSignInit(ctx, NULL, EVP_sha1(), NULL, pkey);
break;
case SSH_HMAC_SHA256:
- HMAC_Init_ex(ctx, key, len, EVP_sha256(), NULL);
+ rc = EVP_DigestSignInit(ctx, NULL, EVP_sha256(), NULL, pkey);
break;
case SSH_HMAC_SHA512:
- HMAC_Init_ex(ctx, key, len, EVP_sha512(), NULL);
+ rc = EVP_DigestSignInit(ctx, NULL, EVP_sha512(), NULL, pkey);
break;
case SSH_HMAC_MD5:
- HMAC_Init_ex(ctx, key, len, EVP_md5(), NULL);
+ rc = EVP_DigestSignInit(ctx, NULL, EVP_md5(), NULL, pkey);
break;
default:
- HMAC_CTX_free(ctx);
- ctx = NULL;
+ rc = -1;
+ break;
}
+ EVP_PKEY_free(pkey);
+ if (rc != 1) {
+ goto error;
+ }
return ctx;
+
+error:
+ EVP_MD_CTX_free(ctx);
+ return NULL;
}
void hmac_update(HMACCTX ctx, const void *data, unsigned long len)
{
- HMAC_Update(ctx, data, len);
+ EVP_DigestSignUpdate(ctx, data, len);
}
void hmac_final(HMACCTX ctx, unsigned char *hashmacbuf, unsigned int *len)
{
- HMAC_Final(ctx, hashmacbuf, len);
- HMAC_CTX_free(ctx);
+ size_t res;
+ EVP_DigestSignFinal(ctx, hashmacbuf, &res);
+ EVP_MD_CTX_free(ctx);
+ *len = res;
}
static void evp_cipher_init(struct ssh_cipher_struct *cipher)